davidcr01
commented
7 months ago Update Report
PoC
Before applying this changes, it is necessary to check if the Wazuh central components are running correctly. As a Proof of Concept test, I deployed an AIO installation with the Installation assistant.
Installation log
```console root@ubuntu22:/home/vagrant# cat /var/log/wazuh-install.log 05/04/2024 09:11:04 DEBUG: Checking root permissions. 05/04/2024 09:11:04 DEBUG: Checking sudo package. 05/04/2024 09:11:04 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 05/04/2024 09:11:04 INFO: Verbose logging redirected to /var/log/wazuh-install.log 05/04/2024 09:11:04 DEBUG: APT package manager will be used. 05/04/2024 09:11:04 DEBUG: Checking system distribution. 05/04/2024 09:11:04 DEBUG: Detected distribution name: ubuntu 05/04/2024 09:11:04 DEBUG: Detected distribution version: 22 05/04/2024 09:11:04 DEBUG: Installing check dependencies. Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease Get:2 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB] Get:3 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [109 kB] Get:4 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB] Get:5 http://archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB] Get:6 http://archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB] Get:7 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB] Get:8 http://archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB] Get:9 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B] Get:10 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1519 kB] Get:11 http://archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [293 kB] Get:12 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1648 kB] Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [275 kB] Get:14 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1060 kB] Get:15 http://archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [241 kB] Get:16 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [22.1 kB] Get:17 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [49.6 kB] Get:18 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [12.0 kB] Get:19 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [472 B] Get:20 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.1 kB] Get:21 http://archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [11.0 kB] Get:22 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B] Get:23 http://archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B] Get:24 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [28.4 kB] Get:25 http://archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.2 kB] Get:26 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [644 B] Get:27 http://archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B] Get:28 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB] Get:29 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1303 kB] Get:30 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [233 kB] Get:31 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [1616 kB] Get:32 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [271 kB] Get:33 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [852 kB] Get:34 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [163 kB] Get:35 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [16.8 kB] Get:36 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.1 kB] Get:37 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7476 B] Get:38 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [260 B] Fetched 13.3 MB in 16s (819 kB/s) Reading package lists... 05/04/2024 09:11:32 DEBUG: Checking Wazuh installation. 05/04/2024 09:11:34 DEBUG: Checking system architecture. 05/04/2024 09:11:34 WARNING: Hardware and system checks ignored. 05/04/2024 09:11:34 INFO: Wazuh web interface port will be 443. 05/04/2024 09:11:35 DEBUG: Checking ports availability. Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:2 http://archive.ubuntu.com/ubuntu jammy InRelease Hit:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease Reading package lists... 05/04/2024 09:11:38 DEBUG: Installing prerequisites dependencies. 05/04/2024 09:11:42 INFO: --- Dependencies ---- 05/04/2024 09:11:42 INFO: Installing apt-transport-https. Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: apt-transport-https 0 upgraded, 1 newly installed, 0 to remove and 72 not upgraded. Need to get 1510 B of archives. After this operation, 170 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.12 [1510 B] Fetched 1510 B in 0s (3655 B/s) Selecting previously u NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-92-generic NEEDRESTART-KEXP: 5.15.0-92-generic NEEDRESTART-KSTA: 1 05/04/2024 09:11:48 INFO: Installing debhelper. Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto Suggested packages: autoconf-archive gnu-standards autoconf-doc bzip2-doc cpp-doc gcc-11-locales dh-make debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib flex bison gdb gcc-doc gcc-11-multilib gettext-doc libasprintf-dev libgettextpo-dev glibc-doc bzr libgd-tools libtool-doc libstdc++-11-doc gfortran | fortran95-compiler gcj-jdk m4-doc make-doc libmail-box-perl The following NEW packages will be installed: autoconf automake autopoint autotools-dev build-essential bzip2 cpp cpp-11 debhelper debugedit dh-autoreconf dh-strip-nondeterminism dpkg-dev dwz fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base gettext intltool-debian libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libarchive-cpio-perl libarchive-zip-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libdebhelper-perl libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-stripnondeterminism-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0 libltdl-dev libltdl7 libmail-sendmail-perl libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libsub-override-perl libsys-hostname-long-perl libtiff5 libtirpc-dev libtool libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list m4 make manpages-dev po-debconf rpcsvc-proto 0 upgraded, 75 newly installed, 0 to remove and 72 not upgraded. Need to get 68.2 MB of archives. After this operation, 221 MB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 m4 amd64 1.4.18-5ubuntu2 [199 kB] Get:2 http://archive.ubuntu.com/ubuntu jammy/main amd64 autoconf all 2.71-2 [338 kB] Get:3 http://archive.ubuntu.com/ubuntu jammy/main amd64 autotools-dev all 20220109.1 [44.9 kB] Get:4 http://archive.ubuntu.com/ubuntu jammy/main amd64 automake all 1:1.16.5-1.3 [558 kB] Get:5 http://archive.ubuntu.com/ubuntu jammy/main amd64 autopoint all 0.21-4ubuntu4 [422 kB] Get:6 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-dev-bin amd64 2.35-0ubuntu3.6 [20.3 kB] Get:7 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 linux-libc-dev amd64 5.15.0-101.111 [1333 kB] Get:8 http://archive.ubuntu.com/ubuntu jammy/main amd64 libcrypt-dev amd64 1:4.4.27-1 [112 kB] Get:9 http://archive.ubuntu.com/ubuntu jammy/main amd64 rpcsvc-proto amd64 1.4.2-0ubuntu6 [68.5 kB] Get:10 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtirpc-dev amd64 1.3.2-2ubuntu0.1 [192 kB] Get:11 http://archive.ubuntu.com/ubuntu jammy/main amd64 libnsl-dev amd64 1.3.0-2build2 [71.3 kB] Get:12 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6-dev amd64 2.35-0ubuntu3.6 [2100 kB] Get:13 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11-base amd64 11.4.0-1ubuntu1~22.04 [20.2 kB] Get:14 http://archive.ubuntu.com/ubuntu jammy/main amd64 libisl23 amd64 0.24-2build1 [727 kB] Get:15 http://archive.ubuntu.com/ubuntu jammy/main amd64 libmpc3 amd64 1.2.1-2build1 [46.9 kB] Get:16 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 cpp-11 amd64 11.4.0-1ubuntu1~22.04 [10.0 MB] Get:17 http://archive.ubuntu.com/ubuntu jammy/main amd64 cpp amd64 4:11.2.0-1ubuntu1 [27.7 kB] Get:18 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libcc1-0 amd64 12.3.0-1ubuntu1~22.04 [48.3 kB] Get:19 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgomp1 amd64 12.3.0-1ubuntu1~22.04 [126 kB] Get:20 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libitm1 amd64 12.3.0-1ubuntu1~22.04 [30.2 kB] Get:21 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libatomic1 amd64 12.3.0-1ubuntu1~22.04 [10.4 kB] Get:22 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libasan6 amd64 11.4.0-1ubuntu1~22.04 [2282 kB] Get:23 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 liblsan0 amd64 12.3.0-1ubuntu1~22.04 [1069 kB] Get:24 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtsan0 amd64 11.4.0-1ubuntu1~22.04 [2260 kB] Get:25 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libubsan1 amd64 12.3.0-1ubuntu1~22.04 [976 kB] Get:26 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libquadmath0 amd64 12.3.0-1ubuntu1~22.04 [154 kB] Get:27 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgcc-11-dev amd64 11.4.0-1ubuntu1~22.04 [2517 kB] Get:28 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 gcc-11 amd64 11.4.0-1ubuntu1~22.04 [20.1 MB] Get:29 http://archive.ubuntu.com/ubuntu jammy/main amd64 gcc amd64 4:11.2.0-1ubuntu1 [5112 B] Get:30 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libstdc++-11-dev amd64 11.4.0-1ubuntu1~22.04 [2101 kB] Get:31 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 g++-11 amd64 11.4.0-1ubuntu1~22.04 [11.4 MB] Get:32 http://archive.ubuntu.com/ubuntu jammy/main amd64 g++ amd64 4:11.2.0-1ubuntu1 [1412 B] Get:33 http://archive.ubuntu.com/ubuntu jammy/main amd64 make amd64 4.3-4.1build1 [180 kB] Get:34 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libdpkg-perl all 1.21.1ubuntu2.3 [237 kB] Get:35 http://archive.ubuntu.com/ubuntu jammy/main amd64 bzip2 amd64 1.0.8-5build1 [34.8 kB] Get:36 http://archive.ubuntu.com/ubuntu jammy/main amd64 lto-disabled-list all 24 [12.5 kB] Get:37 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 dpkg-dev all 1.21.1ubuntu2.3 [922 kB] Get:38 http://archive.ubuntu.com/ubuntu jammy/main amd64 build-essential amd64 12.9ubuntu3 [4744 B] Get:39 http://archive.ubuntu.com/ubuntu jammy/main amd64 libdebhelper-perl all 13.6ubuntu1 [67.2 kB] Get:40 http://archive.ubuntu.com/ubuntu jammy/main amd64 libtool all 2.4.6-15build2 [164 kB] Get:41 http://archive.ubuntu.com/ubuntu jammy/main amd64 dh-autoreconf all 20 [16.1 kB] Get:42 http://archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-zip-perl all 1.68-1 [90.2 kB] Get:43 http://archive.ubuntu.com/ubuntu jammy/main amd64 libsub-override-perl all 0.09-2 [9532 B] Get:44 http://archive.ubuntu.com/ubuntu jammy/main amd64 libfile-stripnondeterminism-perl all 1.13.0-1 [18.1 kB] Get:45 http://archive.ubuntu.com/ubuntu jammy/main amd64 dh-strip-nondeterminism all 1.13.0-1 [5344 B] Get:46 http://archive.ubuntu.com/ubuntu jammy/main amd64 debugedit amd64 1:5.0-4build1 [47.2 kB] Get:47 http://archive.ubuntu.com/ubuntu jammy/main amd64 dwz amd64 0.14-1build2 [105 kB] Get:48 http://archive.ubuntu.com/ubuntu jammy/main amd64 gettext amd64 0.21-4ubuntu4 [868 kB] Get:49 http://archive.ubuntu.com/ubuntu jammy/main amd64 intltool-debian all 0.35.0+20060710.5 [24.9 kB] Get:50 http://archive.ubuntu.com/ubuntu jammy/main amd64 po-debconf all 1.0.21+nmu1 [233 kB] Get:51 http://archive.ubuntu.com/ubuntu jammy/main amd64 debhelper all 13.6ubuntu1 [923 kB] Get:52 http://archive.ubuntu.com/ubuntu jammy/main amd64 libfakeroot amd64 1.28-1ubuntu1 [31.5 kB] Get:53 http://archive.ubuntu.com/ubuntu jammy/main amd64 fakeroot amd64 1.28-1ubuntu1 [60.4 kB] Get:54 http://archive.ubuntu.com/ubuntu jammy/main amd64 fonts-dejavu-core all 2.37-2build1 [1041 kB] Get:55 http://archive.ubuntu.com/ubuntu jammy/main amd64 fontconfig-config all 2.13.1-4.2ubuntu5 [29.1 kB] Get:56 http://archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-perl all 1.201-1 [41.8 kB] Get:57 http://archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-diff-xs-perl amd64 0.04-6build3 [11.9 kB] Get:58 http://archive.ubuntu.com/ubuntu jammy/main amd64 libalgorithm-merge-perl all 0.08-3 [12.0 kB] Get:59 http://archive.ubuntu.com/ubuntu jammy/main amd64 libarchive-cpio-perl all 0.10-1.1 [9928 B] Get:60 http://archive.ubuntu.com/ubuntu jammy/main amd64 libfontconfig1 amd64 2.13.1-4.2ubuntu5 [131 kB] Get:61 http://archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg-turbo8 amd64 2.1.2-0ubuntu1 [134 kB] Get:62 http://archive.ubuntu.com/ubuntu jammy/main amd64 libjpeg8 amd64 8c-2ubuntu10 [2264 B] Get:63 http://archive.ubuntu.com/ubuntu jammy/main amd64 libdeflate0 amd64 1.10-2 [70.9 kB] Get:64 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libjbig0 amd64 2.1-3.1ubuntu0.22.04.1 [29.2 kB] Get:65 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libwebp7 amd64 1.2.2-2ubuntu0.22.04.2 [206 kB] Get:66 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtiff5 amd64 4.3.0-6ubuntu0.8 [185 kB] Get:67 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libxpm4 amd64 1:3.5.12-1ubuntu0.22.04.2 [36.7 kB] Get:68 http://archive.ubuntu.com/ubuntu jammy/main amd64 libgd3 amd64 2.3.0-2ubuntu2 [129 kB] Get:69 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-devtools amd64 2.35-0ubuntu3.6 [29.0 kB] Get:70 http://archive.ubuntu.com/ubuntu jammy/main amd64 libfile-fcntllock-perl amd64 0.22-3build7 [33.9 kB] Get:71 http://archive.ubuntu.com/ubuntu jammy/main amd64 libltdl7 amd64 2.4.6-15build2 [39.6 kB] Get:72 http://archive.ubuntu.com/ubuntu jammy/main amd64 libltdl-dev amd64 2.4.6-15build2 [169 kB] Get:73 http://archive.ubuntu.com/ubuntu jammy/main amd64 libsys-hostname-long-perl all 1.5-2 [11.5 kB] Get:74 http://archive.ubuntu.com/ubuntu jammy/main amd64 libmail-sendmail-perl all 0.80-1.1 [22.7 kB] Get:75 http://archi NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-92-generic NEEDRESTART-KEXP: 5.15.0-92-generic NEEDRESTART-KSTA: 1 Selecting previously unselected package m4. 05/04/2024 09:12:36 DEBUG: Checking curl tool version. 05/04/2024 09:12:36 DEBUG: Adding the Wazuh repository. gpg: keyring '/usr/share/keyrings/wazuh.gpg' created gpg: directory '/root/.gnupg' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key)Wazuh manager log
Some errors like the following are generated: ```console 2024/04/05 09:19:41 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Problem with the local SSL certificate. Retrying in 2 seconds. Maximum wait time: 60 seconds. ``` I beleive that this error is not related to the certificate change. It is related to a time condition between the Wazuh indexer and the Wazuh manager. Then, this warnings stop generating. ``` 2024/04/05 09:20:44 indexer-connector: INFO: IndexerConnector initialized. ``` ```console root@ubuntu22:/home/vagrant# cat /var/ossec/logs/ossec.log 2024/04/05 09:19:26 wazuh-modulesd:router: INFO: Loaded router module. 2024/04/05 09:19:26 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/04/05 09:19:32 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit. 2024/04/05 09:19:32 wazuh-dbd: INFO: Database not configured. Clean exit. 2024/04/05 09:19:32 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. 2024/04/05 09:19:32 wazuh-agentlessd: INFO: Not configured. Exiting. 2024/04/05 09:19:32 wazuh-authd: INFO: Started (pid: 50958). 2024/04/05 09:19:32 wazuh-authd: INFO: Accepting connections on port 1515. No password required. 2024/04/05 09:19:32 wazuh-authd: INFO: Setting network timeout to 1.000000 sec. 2024/04/05 09:19:33 wazuh-db: INFO: Started (pid: 50974). 2024/04/05 09:19:33 wazuh-db: INFO: Created Global database backup "backup/db/global.db-backup-2024-04-05-09:19:33.gz" 2024/04/05 09:19:34 wazuh-execd: INFO: Started (pid: 50999). 2024/04/05 09:19:36 wazuh-analysisd: INFO: Total rules enabled: '6786' 2024/04/05 09:19:36 wazuh-analysisd: INFO: Started (pid: 51022). 2024/04/05 09:19:36 wazuh-syscheckd: INFO: Started (pid: 51035). 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key' 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6000): Starting daemon... 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds 2024/04/05 09:19:36 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started. 2024/04/05 09:19:36 wazuh-analysisd: INFO: EPS limit disabled 2024/04/05 09:19:36 wazuh-analysisd: INFO: (7200): Logtest started 2024/04/05 09:19:36 rootcheck: INFO: Starting rootcheck scan. 2024/04/05 09:19:37 wazuh-remoted: INFO: Started (pid: 51082). Listening on port 1514/TCP (secure). 2024/04/05 09:19:37 wazuh-remoted: INFO: (1410): Reading authentication keys file. 2024/04/05 09:19:39 wazuh-logcollector: INFO: Monitoring output of command(360): df -P 2024/04/05 09:19:39 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d 2024/04/05 09:19:39 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20 2024/04/05 09:19:39 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'. 2024/04/05 09:19:39 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/auth.log'. 2024/04/05 09:19:39 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/syslog'. 2024/04/05 09:19:39 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/dpkg.log'. 2024/04/05 09:19:39 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/kern.log'. 2024/04/05 09:19:39 wazuh-logcollector: INFO: Started (pid: 51117). 2024/04/05 09:19:40 wazuh-monitord: INFO: Started (pid: 51135). 2024/04/05 09:19:41 wazuh-modulesd:router: INFO: Loaded router module. 2024/04/05 09:19:41 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/04/05 09:19:41 wazuh-modulesd: INFO: Started (pid: 51157). 2024/04/05 09:19:41 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started. 2024/04/05 09:19:41 wazuh-modulesd:osquery: INFO: Module disabled. Exiting... 2024/04/05 09:19:41 wazuh-modulesd:control: INFO: Starting control thread. 2024/04/05 09:19:41 wazuh-modulesd:database: INFO: Module started. 2024/04/05 09:19:41 wazuh-modulesd:download: INFO: Module started. 2024/04/05 09:19:41 wazuh-modulesd:content_manager: INFO: Starting content_manager module. 2024/04/05 09:19:41 wazuh-modulesd:router: INFO: Starting router module. 2024/04/05 09:19:41 sca: INFO: Module started. 2024/04/05 09:19:41 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:19:41 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module. 2024/04/05 09:19:41 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting... 2024/04/05 09:19:41 sca: INFO: Starting Security Configuration Assessment scan. 2024/04/05 09:19:41 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started. 2024/04/05 09:19:41 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:19:41 wazuh-modulesd:syscollector: INFO: Module started. 2024/04/05 09:19:41 wazuh-modulesd:syscollector: INFO: Starting evaluation. 2024/04/05 09:19:41 wazuh-modulesd:vulnerability-scanner: INFO: Starting database file decompression. 2024/04/05 09:19:41 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Problem with the local SSL certificate. Retrying in 2 seconds. Maximum wait time: 60 seconds. 2024/04/05 09:19:42 wazuh-modulesd:syscollector: INFO: Evaluation finished. 2024/04/05 09:19:43 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Problem with the local SSL certificate. Retrying in 4 seconds. Maximum wait time: 60 seconds. 2024/04/05 09:19:47 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Problem with the local SSL certificate. Retrying in 8 seconds. Maximum wait time: 60 seconds. 2024/04/05 09:19:55 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Problem with the local SSL certificate. Retrying in 16 seconds. Maximum wait time: 60 seconds. 2024/04/05 09:19:57 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:19:57 sca: INFO: Security Configuration Assessment scan finished. Duration: 16 seconds. 2024/04/05 09:19:57 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended. 2024/04/05 09:19:57 wazuh-syscheckd: INFO: FIM sync module started. 2024/04/05 09:20:12 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Problem with the local SSL certificate. Retrying in 32 seconds. Maximum wait time: 60 seconds. 2024/04/05 09:20:44 indexer-connector: INFO: IndexerConnector initialized. 2024/04/05 09:20:50 rootcheck: INFO: Ending rootcheck scan. 2024/04/05 09:21:43 wazuh-modulesd:vulnerability-scanner: INFO: Database decompression finished. 2024/04/05 09:21:45 wazuh-modulesd:content-updater: INFO: Starting scheduled action for 'vulnerability_feed_manager' 2024/04/05 09:21:45 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:21:46 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started 2024/04/05 09:22:53 wazuh-modulesd:syscollector: INFO: Stop received for Syscollector. 2024/04/05 09:22:53 wazuh-modulesd:syscollector: INFO: Module finished. 2024/04/05 09:22:53 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module. 2024/04/05 09:23:01 wazuh-modulesd:router: INFO: Stopping router module. 2024/04/05 09:23:01 wazuh-modulesd:content_manager: INFO: Stopping content_manager module. 2024/04/05 09:23:02 wazuh-modulesd:content-updater: WARNING: The offsets download has been interrupted 2024/04/05 09:23:02 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:23:02 wazuh-modulesd:content-updater: INFO: Scheduler stopped for 'vulnerability_feed_manager' 2024/04/05 09:23:02 wazuh-monitord: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:23:02 wazuh-logcollector: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:23:02 wazuh-remoted: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:23:02 wazuh-syscheckd: INFO: (1756): Shutdown received. Releasing resources. 2024/04/05 09:23:02 wazuh-syscheckd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:23:03 wazuh-analysisd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:23:03 wazuh-execd: INFO: (1314): Shutdown received. Deleting responses. 2024/04/05 09:23:03 wazuh-execd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:23:03 wazuh-db: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:23:04 wazuh-authd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:23:05 wazuh-authd: INFO: Exiting... 2024/04/05 09:23:07 wazuh-modulesd:router: INFO: Loaded router module. 2024/04/05 09:23:07 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/04/05 09:23:11 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit. 2024/04/05 09:23:11 wazuh-dbd: INFO: Database not configured. Clean exit. 2024/04/05 09:23:11 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. 2024/04/05 09:23:11 wazuh-agentlessd: INFO: Not configured. Exiting. 2024/04/05 09:23:11 wazuh-authd: INFO: Started (pid: 54109). 2024/04/05 09:23:11 wazuh-authd: INFO: Accepting connections on port 1515. No password required. 2024/04/05 09:23:11 wazuh-authd: INFO: Setting network timeout to 1.000000 sec. 2024/04/05 09:23:12 wazuh-db: INFO: Started (pid: 54125). 2024/04/05 09:23:13 wazuh-execd: INFO: Started (pid: 54149). 2024/04/05 09:23:15 wazuh-analysisd: INFO: Total rules enabled: '6786' 2024/04/05 09:23:15 wazuh-analysisd: INFO: Started (pid: 54164). 2024/04/05 09:23:15 wazuh-analysisd: INFO: EPS limit disabled 2024/04/05 09:23:15 wazuh-analysisd: INFO: (7200): Logtest started 2024/04/05 09:23:15 wazuh-syscheckd: INFO: Started (pid: 54207). 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key' 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6000): Starting daemon... 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds 2024/04/05 09:23:15 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started. 2024/04/05 09:23:15 rootcheck: INFO: Starting rootcheck scan. 2024/04/05 09:23:16 wazuh-remoted: INFO: Started (pid: 54224). Listening on port 1514/TCP (secure). 2024/04/05 09:23:16 wazuh-remoted: INFO: (1410): Reading authentication keys file. 2024/04/05 09:23:18 wazuh-logcollector: INFO: Monitoring output of command(360): df -P 2024/04/05 09:23:18 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d 2024/04/05 09:23:18 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20 2024/04/05 09:23:18 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'. 2024/04/05 09:23:18 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/auth.log'. 2024/04/05 09:23:18 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/syslog'. 2024/04/05 09:23:18 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/dpkg.log'. 2024/04/05 09:23:18 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/kern.log'. 2024/04/05 09:23:18 wazuh-logcollector: INFO: Started (pid: 54258). 2024/04/05 09:23:19 wazuh-monitord: INFO: Started (pid: 54277). 2024/04/05 09:23:20 wazuh-modulesd:router: INFO: Loaded router module. 2024/04/05 09:23:20 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/04/05 09:23:20 wazuh-modulesd: INFO: Started (pid: 54299). 2024/04/05 09:23:20 wazuh-modulesd:database: INFO: Module started. 2024/04/05 09:23:20 wazuh-modulesd:content_manager: INFO: Starting content_manager module. 2024/04/05 09:23:20 wazuh-modulesd:router: INFO: Starting router module. 2024/04/05 09:23:20 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module. 2024/04/05 09:23:20 sca: INFO: Module started. 2024/04/05 09:23:20 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:23:20 wazuh-modulesd:osquery: INFO: Module disabled. Exiting... 2024/04/05 09:23:20 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting... 2024/04/05 09:23:20 wazuh-modulesd:download: INFO: Module started. 2024/04/05 09:23:20 wazuh-modulesd:control: INFO: Starting control thread. 2024/04/05 09:23:20 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started. 2024/04/05 09:23:20 sca: INFO: Starting Security Configuration Assessment scan. 2024/04/05 09:23:20 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started. 2024/04/05 09:23:20 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:23:20 wazuh-modulesd:syscollector: INFO: Module started. 2024/04/05 09:23:20 wazuh-modulesd:syscollector: INFO: Starting evaluation. 2024/04/05 09:23:21 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. HTTP error: HTTP response code said error (Status code: 401).. Retrying in 2 seconds. Maximum wait time: 60 seconds. 2024/04/05 09:23:21 wazuh-modulesd:syscollector: INFO: Evaluation finished. 2024/04/05 09:23:21 wazuh-modulesd:content-updater: INFO: Starting scheduled action for 'vulnerability_feed_manager' 2024/04/05 09:23:21 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:23:22 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started 2024/04/05 09:23:23 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. HTTP error: HTTP response code said error (Status code: 401).. Retrying in 4 seconds. Maximum wait time: 60 seconds. 2024/04/05 09:23:24 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended. 2024/04/05 09:23:24 wazuh-syscheckd: INFO: FIM sync module started. 2024/04/05 09:23:28 indexer-connector: WARNING: Error initializing IndexerConnector for index 'wazuh-states-vulnerabilities': Failed to initialize template for index 'wazuh-states-vulnerabilities'. Error: Failed to initialize template for index 'wazuh-states-vulnerabilities'. HTTP error: HTTP response code said error (Status code: 401).. Retrying in 8 seconds. Maximum wait time: 60 seconds. 2024/04/05 09:23:32 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:23:32 sca: INFO: Security Configuration Assessment scan finished. Duration: 12 seconds. 2024/04/05 09:23:37 indexer-connector: INFO: IndexerConnector initialized. 2024/04/05 09:23:53 rootcheck: INFO: Ending rootcheck scan. 2024/04/05 09:25:39 wazuh-modulesd:content-updater: INFO: Data published 2024/04/05 09:25:39 wazuh-modulesd:vulnerability-scanner: INFO: Processing message 2024/04/05 09:25:39 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:25:39 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/245855-api_file.json 2024/04/05 09:26:06 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:26:06 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:26:06 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:28:17 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:28:17 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:28:17 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:28:49 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:28:49 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:28:49 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:28:57 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:28:57 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:28:57 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:29:06 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:29:06 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:29:06 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:29:07 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/246855-api_file.json 2024/04/05 09:29:10 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:29:10 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:29:10 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:29:15 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:29:15 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:29:15 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:29:24 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:29:24 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:29:24 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:30:42 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:30:42 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:30:42 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:31:18 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:31:18 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:31:18 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:31:20 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/247855-api_file.json 2024/04/05 09:31:27 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:31:27 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:31:27 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:31:32 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:31:32 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:31:32 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:31:43 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:31:43 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:31:43 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:31:47 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:31:47 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:31:47 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:31:55 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:31:55 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:31:55 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:31:56 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/248855-api_file.json 2024/04/05 09:32:05 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:32:05 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:32:05 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:32:13 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:32:13 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:32:13 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:32:23 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:32:23 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:32:23 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:32:32 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:32:32 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:32:32 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:32:38 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:32:38 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:32:38 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:32:39 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/249855-api_file.json 2024/04/05 09:32:52 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:32:52 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:32:52 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:33:03 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:33:03 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:33:03 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:33:13 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:33:13 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:33:13 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:33:19 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:33:19 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:33:19 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:33:25 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:33:25 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:33:25 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:33:26 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/250855-api_file.json 2024/04/05 09:33:32 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:33:32 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:33:32 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:33:40 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:33:40 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:33:40 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:33:50 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:33:50 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:33:50 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:33:57 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:33:57 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:33:57 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:34:03 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:34:03 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:34:03 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:34:04 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/251855-api_file.json 2024/04/05 09:34:12 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:34:12 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:34:12 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:34:20 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:34:20 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:34:20 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:34:30 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:34:30 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:34:30 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:34:37 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:34:37 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:34:37 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:34:42 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:34:42 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:34:42 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:34:43 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/252855-api_file.json 2024/04/05 09:34:51 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:34:51 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:34:51 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:35:06 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:35:06 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:35:06 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:35:21 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:35:21 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:35:21 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:35:25 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:35:25 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:35:25 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:35:30 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:35:30 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:35:30 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:35:31 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/253855-api_file.json 2024/04/05 09:35:39 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:35:39 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:35:39 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:35:42 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:35:42 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:35:42 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:35:48 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:35:48 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:35:48 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:35:56 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:35:56 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:35:56 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:36:02 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:36:02 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:36:02 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:36:03 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/254855-api_file.json 2024/04/05 09:36:07 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:36:07 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:36:07 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:36:14 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:36:14 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:36:14 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:36:23 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:36:23 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:36:23 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:36:29 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:36:29 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:36:29 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:36:39 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:36:39 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:36:39 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:36:40 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/255855-api_file.json 2024/04/05 09:36:50 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:36:50 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:36:50 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:36:58 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:36:58 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:36:58 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:37:07 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:37:07 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:37:07 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:37:14 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:37:14 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:37:14 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:37:19 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:37:19 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:37:19 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:37:20 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/256855-api_file.json 2024/04/05 09:37:23 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:37:23 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:37:23 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:37:49 wazuh-modulesd:content-updater: INFO: Starting on-demand action for 'vulnerability_feed_manager' 2024/04/05 09:37:49 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' started 2024/04/05 09:37:49 wazuh-modulesd:content-updater: INFO: Action for 'vulnerability_feed_manager' finished 2024/04/05 09:45:36 wazuh-modulesd:syscollector: INFO: Stop received for Syscollector. 2024/04/05 09:45:36 wazuh-modulesd:syscollector: INFO: Module finished. 2024/04/05 09:45:36 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module. 2024/04/05 09:45:50 wazuh-modulesd:vulnerability-scanner: INFO: Message processed 2024/04/05 09:45:58 wazuh-modulesd:router: INFO: Stopping router module. 2024/04/05 09:45:58 wazuh-modulesd:content_manager: INFO: Stopping content_manager module. 2024/04/05 09:45:58 wazuh-modulesd:content-updater: INFO: Scheduler stopped for 'vulnerability_feed_manager' 2024/04/05 09:45:59 wazuh-monitord: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:45:59 wazuh-logcollector: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:45:59 wazuh-remoted: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:45:59 wazuh-syscheckd: INFO: (1756): Shutdown received. Releasing resources. 2024/04/05 09:45:59 wazuh-syscheckd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:45:59 wazuh-analysisd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:45:59 wazuh-execd: INFO: (1314): Shutdown received. Deleting responses. 2024/04/05 09:45:59 wazuh-execd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:46:00 wazuh-db: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:46:01 wazuh-authd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning... 2024/04/05 09:46:02 wazuh-authd: INFO: Exiting... 2024/04/05 09:46:04 wazuh-csyslogd: ERROR: (1226): Error reading XML file 'etc/ossec.conf': (line 0). 2024/04/05 09:49:17 wazuh-csyslogd: ERROR: (1226): Error reading XML file 'etc/ossec.conf': (line 0). 2024/04/05 09:50:49 wazuh-modulesd:router: INFO: Loaded router module. 2024/04/05 09:50:49 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/04/05 09:50:55 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit. 2024/04/05 09:50:55 wazuh-dbd: INFO: Database not configured. Clean exit. 2024/04/05 09:50:55 wazuh-integratord: INFO: Remote integrations not configured. Clean exit. 2024/04/05 09:50:55 wazuh-agentlessd: INFO: Not configured. Exiting. 2024/04/05 09:50:55 wazuh-authd: INFO: Started (pid: 58567). 2024/04/05 09:50:55 wazuh-authd: INFO: Accepting connections on port 1515. No password required. 2024/04/05 09:50:55 wazuh-authd: INFO: Setting network timeout to 1.000000 sec. 2024/04/05 09:50:56 wazuh-db: INFO: Started (pid: 58583). 2024/04/05 09:50:57 wazuh-execd: INFO: Started (pid: 58608). 2024/04/05 09:50:59 wazuh-analysisd: INFO: Total rules enabled: '6786' 2024/04/05 09:50:59 wazuh-analysisd: INFO: Started (pid: 58622). 2024/04/05 09:50:59 wazuh-syscheckd: INFO: Started (pid: 58635). 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6003): Monitoring path: '/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6003): Monitoring path: '/boot', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6003): Monitoring path: '/etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6003): Monitoring path: '/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/bin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6003): Monitoring path: '/usr/sbin', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | scheduled'. 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mtab' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/hosts.deny' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/mail/statistics' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random-seed' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/random.seed' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/adjtime' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/httpd/logs' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/utmpx' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/wtmpx' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/cups/certs' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/dumpdates' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6206): Ignore 'file' entry '/etc/svc/volatile' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6207): Ignore 'file' sregex '.log$|.swp$' 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6004): No diff for file: '/etc/ssl/private.key' 2024/04/05 09:50:59 rootcheck: INFO: Starting rootcheck scan. 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6000): Starting daemon... 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6010): File integrity monitoring scan frequency: 43200 seconds 2024/04/05 09:50:59 wazuh-syscheckd: INFO: (6008): File integrity monitoring scan started. 2024/04/05 09:50:59 wazuh-analysisd: INFO: (7200): Logtest started 2024/04/05 09:50:59 wazuh-analysisd: INFO: EPS limit disabled 2024/04/05 09:51:00 wazuh-remoted: INFO: Started (pid: 58682). Listening on port 1514/TCP (secure). 2024/04/05 09:51:00 wazuh-remoted: INFO: (1410): Reading authentication keys file. 2024/04/05 09:51:01 wazuh-logcollector: INFO: Monitoring output of command(360): df -P 2024/04/05 09:51:01 wazuh-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d 2024/04/05 09:51:01 wazuh-logcollector: INFO: Monitoring full output of command(360): last -n 20 2024/04/05 09:51:01 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'. 2024/04/05 09:51:01 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/auth.log'. 2024/04/05 09:51:01 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/syslog'. 2024/04/05 09:51:01 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/dpkg.log'. 2024/04/05 09:51:01 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/kern.log'. 2024/04/05 09:51:01 wazuh-logcollector: INFO: Started (pid: 58716). 2024/04/05 09:51:02 wazuh-monitord: INFO: Started (pid: 58735). 2024/04/05 09:51:03 wazuh-modulesd:router: INFO: Loaded router module. 2024/04/05 09:51:03 wazuh-modulesd:content_manager: INFO: Loaded content_manager module. 2024/04/05 09:51:03 wazuh-modulesd: INFO: Started (pid: 58757). 2024/04/05 09:51:03 wazuh-modulesd:agent-upgrade: INFO: (8153): Module Agent Upgrade started. 2024/04/05 09:51:03 wazuh-modulesd:router: INFO: Starting router module. 2024/04/05 09:51:03 wazuh-modulesd:osquery: INFO: Module disabled. Exiting... 2024/04/05 09:51:03 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting... 2024/04/05 09:51:03 sca: INFO: Module started. 2024/04/05 09:51:03 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:51:03 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module. 2024/04/05 09:51:03 wazuh-modulesd:content_manager: INFO: Starting content_manager module. 2024/04/05 09:51:03 wazuh-modulesd:database: INFO: Module started. 2024/04/05 09:51:03 wazuh-modulesd:download: INFO: Module started. 2024/04/05 09:51:03 wazuh-modulesd:control: INFO: Starting control thread. 2024/04/05 09:51:03 sca: INFO: Starting Security Configuration Assessment scan. 2024/04/05 09:51:03 wazuh-modulesd:task-manager: INFO: (8200): Module Task Manager started. 2024/04/05 09:51:03 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:51:03 wazuh-modulesd:syscollector: INFO: Module started. 2024/04/05 09:51:03 wazuh-modulesd:syscollector: INFO: Starting evaluation. 2024/04/05 09:51:03 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module is disabled 2024/04/05 09:51:04 wazuh-modulesd:syscollector: INFO: Evaluation finished. 2024/04/05 09:51:08 wazuh-syscheckd: INFO: (6009): File integrity monitoring scan ended. 2024/04/05 09:51:08 wazuh-syscheckd: INFO: FIM sync module started. 2024/04/05 09:51:15 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml' 2024/04/05 09:51:15 sca: INFO: Security Configuration Assessment scan finished. Duration: 12 seconds. 2024/04/05 09:51:33 rootcheck: INFO: Ending rootcheck scan. ```Wazuh indexer log
```console root@ubuntu22:/home/vagrant# cat /var/log/wazuh-indexer/wazuh-cluster.log [2024-04-05T09:16:50,527][INFO ][o.o.n.Node ] [node-1] version[2.10.0], pid[5912], build[rpm/eee49cb340edc6c4d489bcd9324dda571fc8dc03/2023-09-20T23:54:29.889267151Z], OS[Linux/5.15.0-92-generic/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.8/17.0.8+7] [2024-04-05T09:16:50,530][INFO ][o.o.n.Node ] [node-1] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK/JRE [true] [2024-04-05T09:16:50,530][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1954m, -Xmx1954m, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-922446080234556353, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy, -XX:MaxDirectMemorySize=1024458752, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true] [2024-04-05T09:16:51,985][INFO ][o.o.s.s.t.SSLConfig ] [node-1] SSL dual mode is disabled [2024-04-05T09:16:51,986][INFO ][o.o.s.OpenSearchSecurityPlugin] [node-1] OpenSearch Config path is /etc/wazuh-indexer [2024-04-05T09:16:52,337][INFO ][o.o.s.s.DefaultSecurityKeyStore] [node-1] JVM supports TLSv1.3 [2024-04-05T09:16:52,339][INFO ][o.o.s.s.DefaultSecurityKeyStore] [node-1] Config directory is /etc/wazuh-indexer/, from there the key- and truststore files are resolved relatively [2024-04-05T09:16:53,243][INFO ][o.o.s.s.DefaultSecurityKeyStore] [node-1] TLS Transport Client Provider : JDK [2024-04-05T09:16:53,244][INFO ][o.o.s.s.DefaultSecurityKeyStore] [node-1] TLS Transport Server Provider : JDK [2024-04-05T09:16:53,244][INFO ][o.o.s.s.DefaultSecurityKeyStore] [node-1] TLS HTTP Provider : JDK [2024-04-05T09:16:53,245][INFO ][o.o.s.s.DefaultSecurityKeyStore] [node-1] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2] [2024-04-05T09:16:53,245][INFO ][o.o.s.s.DefaultSecurityKeyStore] [node-1] Enabled TLS protocols for HTTP layer : [TLSv1.2] [2024-04-05T09:16:53,285][INFO ][o.o.s.OpenSearchSecurityPlugin] [node-1] Clustername: wazuh-cluster [2024-04-05T09:16:54,161][INFO ][o.o.p.c.c.PluginSettings ] [node-1] Trying to create directory /dev/shm/performanceanalyzer/. [2024-04-05T09:16:54,162][INFO ][o.o.p.c.c.PluginSettings ] [node-1] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600 [2024-04-05T09:16:54,806][INFO ][o.o.i.r.ReindexPlugin ] [node-1] ReindexPlugin reloadSPI called [2024-04-05T09:16:54,810][INFO ][o.o.i.r.ReindexPlugin ] [node-1] Unable to find any implementation for RemoteReindexExtension [2024-04-05T09:16:54,885][INFO ][o.o.j.JobSchedulerPlugin ] [node-1] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions [2024-04-05T09:16:54,890][INFO ][o.o.j.JobSchedulerPlugin ] [node-1] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs [2024-04-05T09:16:54,891][INFO ][o.o.j.JobSchedulerPlugin ] [node-1] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config [2024-04-05T09:16:54,894][INFO ][o.o.j.JobSchedulerPlugin ] [node-1] Loaded scheduler extension: scheduler_geospatial_ip2geo_datasource, index: .scheduler-geospatial-ip2geo-datasource [2024-04-05T09:16:54,901][INFO ][o.o.p.PluginsService ] [node-1] loaded module [aggs-matrix-stats] [2024-04-05T09:16:54,902][INFO ][o.o.p.PluginsService ] [node-1] loaded module [analysis-common] [2024-04-05T09:16:54,902][INFO ][o.o.p.PluginsService ] [node-1] loaded module [geo] [2024-04-05T09:16:54,902][INFO ][o.o.p.PluginsService ] [node-1] loaded module [ingest-common] [2024-04-05T09:16:54,903][INFO ][o.o.p.PluginsService ] [node-1] loaded module [ingest-geoip] [2024-04-05T09:16:54,903][INFO ][o.o.p.PluginsService ] [node-1] loaded module [ingest-user-agent] [2024-04-05T09:16:54,903][INFO ][o.o.p.PluginsService ] [node-1] loaded module [lang-expression] [2024-04-05T09:16:54,903][INFO ][o.o.p.PluginsService ] [node-1] loaded module [lang-mustache] [2024-04-05T09:16:54,904][INFO ][o.o.p.PluginsService ] [node-1] loaded module [lang-painless] [2024-04-05T09:16:54,905][INFO ][o.o.p.PluginsService ] [node-1] loaded module [mapper-extras] [2024-04-05T09:16:54,906][INFO ][o.o.p.PluginsService ] [node-1] loaded module [opensearch-dashboards] [2024-04-05T09:16:54,906][INFO ][o.o.p.PluginsService ] [node-1] loaded module [parent-join] [2024-04-05T09:16:54,906][INFO ][o.o.p.PluginsService ] [node-1] loaded module [percolator] [2024-04-05T09:16:54,907][INFO ][o.o.p.PluginsService ] [node-1] loaded module [rank-eval] [2024-04-05T09:16:54,907][INFO ][o.o.p.PluginsService ] [node-1] loaded module [reindex] [2024-04-05T09:16:54,907][INFO ][o.o.p.PluginsService ] [node-1] loaded module [repository-url] [2024-04-05T09:16:54,908][INFO ][o.o.p.PluginsService ] [node-1] loaded module [search-pipeline-common] [2024-04-05T09:16:54,908][INFO ][o.o.p.PluginsService ] [node-1] loaded module [systemd] [2024-04-05T09:16:54,908][INFO ][o.o.p.PluginsService ] [node-1] loaded module [transport-netty4] [2024-04-05T09:16:54,909][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-alerting] [2024-04-05T09:16:54,910][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-anomaly-detection] [2024-04-05T09:16:54,910][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-asynchronous-search] [2024-04-05T09:16:54,911][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-cross-cluster-replication] [2024-04-05T09:16:54,912][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-custom-codecs] [2024-04-05T09:16:54,912][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-geospatial] [2024-04-05T09:16:54,913][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-index-management] [2024-04-05T09:16:54,914][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-job-scheduler] [2024-04-05T09:16:54,914][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-knn] [2024-04-05T09:16:54,914][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-ml] [2024-04-05T09:16:54,915][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-neural-search] [2024-04-05T09:16:54,915][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-notifications] [2024-04-05T09:16:54,915][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-notifications-core] [2024-04-05T09:16:54,915][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-observability] [2024-04-05T09:16:54,916][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-performance-analyzer] [2024-04-05T09:16:54,917][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-reports-scheduler] [2024-04-05T09:16:54,917][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-security] [2024-04-05T09:16:54,919][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-security-analytics] [2024-04-05T09:16:54,919][INFO ][o.o.p.PluginsService ] [node-1] loaded plugin [opensearch-sql] [2024-04-05T09:16:54,981][INFO ][o.o.s.OpenSearchSecurityPlugin] [node-1] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml [2024-04-05T09:16:54,989][INFO ][o.o.e.ExtensionsManager ] [node-1] ExtensionsManager initialized [2024-04-05T09:16:55,027][INFO ][o.o.e.NodeEnvironment ] [node-1] using [1] data paths, mounts [[/ (/dev/sda1)]], net usable_space [35.1gb], net total_space [38.7gb], types [ext4] [2024-04-05T09:16:55,028][INFO ][o.o.e.NodeEnvironment ] [node-1] heap size [1.9gb], compressed ordinary object pointers [true] [2024-04-05T09:16:55,068][INFO ][o.o.n.Node ] [node-1] node name [node-1], node ID [Nhl4cMrLQEK9RwNdp6T1XQ], cluster name [wazuh-cluster], roles [ingest, remote_cluster_client, data, cluster_manager] [2024-04-05T09:16:58,941][INFO ][o.o.n.p.NeuralSearch ] [node-1] Registering hybrid query phase searcher with feature flag [plugins.neural_search.hybrid_search_disabled] [2024-04-05T09:16:59,276][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes [2024-04-05T09:16:59,312][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly. [2024-04-05T09:16:59,314][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration. [2024-04-05T09:16:59,314][INFO ][o.o.s.a.i.AuditLogImpl ] [node-1] Message routing enabled: false [2024-04-05T09:16:59,356][INFO ][o.o.s.f.SecurityFilter ] [node-1]Wazuh dashboard log
There are some connection refused errors because I restarted the manager, and I tried to access the Dahshboard when it was not ready. ```console root@ubuntu22:/home/vagrant# cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log {"date":"2024-04-05T09:22:42.155Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"} {"date":"2024-04-05T09:22:42.156Z","level":"info","location":"initialize","message":"App revision: 06"} {"date":"2024-04-05T09:22:42.156Z","level":"info","location":"initialize","message":"Total RAM: 3909MB"} {"date":"2024-04-05T09:23:41.126Z","level":"info","location":"initialize","message":"Wazuh dashboard index: .kibana"} {"date":"2024-04-05T09:23:41.127Z","level":"info","location":"initialize","message":"App revision: 06"} {"date":"2024-04-05T09:23:41.127Z","level":"info","location":"initialize","message":"Total RAM: 3909MB"} {"data":{"config":{"data":"{}","method":"get","params":{},"url":"https://127.0.0.1:55000/manager/stats/remoted"},"message":"connect ECONNREFUSED 127.0.0.1:55000","stack":"Error: connect ECONNREFUSED 127.0.0.1:55000\n at Function.AxiosError.from (/usr/share/wazuh-dashboard/plugins/wazuh/node_modules/axios/lib/core/AxiosError.js:89:14)\n at RedirectableRequest.handleRequestError (/usr/share/wazuh-dashboard/plugins/wazuh/node_modules/axios/lib/adapters/http.js:606:25)\n at RedirectableRequest.emit (node:events:513:28)\n at RedirectableRequest.emit (node:domain:489:12)\n at ClientRequest.eventHandlers.
Conclusion
As a conclusion, no related errors were generated and everything is working fine. It is needed to ensure that this change does not break anything. We should discuss this with the rest of the teams about this change, and if so, perform a deeper testing.
sebasfalcone
c-bordon
CarlosALgit
teddytpc1
The Wazuh certificates creation tool uses the cipher algorithms RSA 2048 and SHA 256. It's time to analyze if we can upgrade them to 4096 and 512 respectively.